cisco switch/router authentication

dave dave
Level 1

Hi! Is there any way that I can authenticate user login through Microsoft AD/IAS to the Cisco switch/router without using Cisco ACS or any paid solution? Thx

3 Replies

camejia
Level 3

Hello,

IOS configuration:

Switch(config)#aaa new-model

Switch(config)#radius-server host 192.168.250.20 key cisco123

Switch(config)#aaa authentication login default group radius local

Switch(config)#aaa authorization exec default group radius local

IAS configuration:

1) Define the RADIUS client entry:

2) Define the IAS Policies:

Click Edit Profile:

Enable all methods under Authentication Tab:

Under Advanced, leave only Service Type with Administrative value:

The AD account needs to have Dial-In Permission as "Allow Access".

If this was helpful please rate.

Regards.
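
The reply above ties the switch to IAS with a shared key and has IAS return Service-Type = Administrative. As an added example (not part of the original reply, and not Cisco or Microsoft code), this Python sketch shows the RFC 2865 checks a RADIUS client applies to an Access-Accept: the Response Authenticator keyed by the shared secret, then the Service-Type attribute. The function names, request authenticator and sample packet are constructed for illustration; only the key `cisco123` comes from the reply.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2    # RFC 2865 packet code
SERVICE_TYPE = 6     # RFC 2865 attribute type
ADMINISTRATIVE = 6   # RFC 2865 Service-Type value "Administrative"

def build_access_accept(ident, request_auth, attrs, secret):
    """Server side: used here only to construct the sample packet."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body

def check_access_accept(packet, request_auth, secret):
    """Client side: return (authentic, service_type) for an Access-Accept."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Accept")
    body = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    authentic = hmac.compare_digest(expected, packet[4:20])
    service_type = None
    i = 0
    while i + 2 <= len(body):           # walk the type/length/value attributes
        a_type, a_len = body[i], body[i + 1]
        if a_len < 2 or i + a_len > len(body):
            raise ValueError("bad attribute length")
        if a_type == SERVICE_TYPE and a_len == 6:
            service_type = struct.unpack("!I", body[i + 2:i + 6])[0]
        i += a_len
    return authentic, service_type

SECRET = b"cisco123"               # key from the radius-server line in the reply
REQUEST_AUTH = bytes(range(16))    # constructed; a real client sends 16 random bytes
SAMPLE = build_access_accept(      # constructed Access-Accept
    7, REQUEST_AUTH, [(SERVICE_TYPE, struct.pack("!I", ADMINISTRATIVE))], SECRET)

if __name__ == "__main__":
    print(check_access_accept(SAMPLE, REQUEST_AUTH, SECRET))
    print(check_access_accept(SAMPLE, REQUEST_AUTH, b"different-key"))
```

The shared secret is the only thing binding the reply to the server, so the example key `cisco123` should be replaced by a long random value on both the switch and the IAS client entry.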

Hi! What's the difference between this method compared to ACS? I think in ACS you can grant different levels of rights; besides that, any other difference?

Thx.

Hello,

With the ACS server you include support for both TACACS+ (Device Management) and RADIUS (Network Access) authentication. With TACACS+ you can configure Command Restriction Sets and assign specific Privilege Levels to the authenticated users.

As RADIUS is meant for Network Access (VPN, Wireless), device management authentication and authorization is limited.

Regards.
